Authentication and Authorization Auditable Event Methods for Confluent Cloud Schema Registry
Confluent Cloud audit logs contain records of auditable events for authentication and authorization actions on Confluent Cloud Schema Registry and Stream Catalog. When an auditable event occurs, a message is sent to the audit log and is stored as an audit log record.
Authentication auditable event methods for Schema Registry and Stream Catalog
Included here are the authentication actions, or operations, on Confluent Cloud Schema Registry and Confluent Cloud Stream Catalog that generate auditable event messages for the io.confluent.sg.server/authentication event.
Auditable event methods
- schema-registry.Authentication
A request to authenticate to Schema Registry using an API key or token.
Examples of authentication auditable event messages
schema-registry.Authentication
The schema-registry.Authentication event method is triggered by a request for authentication to Schema Registry using an API key or token.
SUCCESS
{
  "datacontenttype": "application/json",
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "schema-registry.Authentication",
    "cloudResources": [
      {
        "scope": {
          "resources": [
            {
              "type": "ORGANIZATION",
              "resourceId": "bc64d0fb-84b7-4467-a36b-3ad3cd8c188d"
            },
            {
              "type": "ENVIRONMENT",
              "resourceId": "env-qjygy6"
            }
          ]
        },
        "resource": {
          "type": "SCHEMA_REGISTRY",
          "resourceId": "lsrc-gx9kdv"
        }
      }
    ],
    "authenticationInfo": {
      "principal": {
        "confluentUser": {
          "resourceId": "u-y35x87"
        }
      },
      "result": "SUCCESS",
      "credentials": {
        "idSecretCredentials": {
          "credentialId": "7TBXED2PT5CAKIGK"
        },
        "mechanism": "HTTP_BASIC"
      }
    },
    "requestMetadata": {
      "requestId": [
        "8406167c-8c05-11ed-8f14-5f38e5250914"
      ]
    },
    "resourceName": "crn://confluent.cloud/organization=bc64d0fb-84b7-4467-a36b-3ad3cd8c188d/environment=env-qjygy6/schema-registry=lsrc-gx9kdv"
  },
  "subject": "crn://confluent.cloud/organization=bc64d0fb-84b7-4467-a36b-3ad3cd8c188d/environment=env-qjygy6/schema-registry=lsrc-gx9kdv",
  "specversion": "1.0",
  "id": "7fced40b-f893-429e-aa08-be584268379a",
  "source": "crn://confluent.cloud/",
  "time": "2023-01-04T07:58:03.708Z",
  "type": "io.confluent.sg.server/authentication"
}
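The following Python is an added example, not part of the Confluent documentation or Confluent's code. It flattens schema-registry.Authentication records shaped like the one above and counts results other than SUCCESS per credential and resource. The sample records, their identifiers, and the NOT_SUCCESS_PLACEHOLDER result value are constructed for illustration, since this page shows only the SUCCESS value.

```python
import json
from collections import Counter

AUTHN_TYPE = "io.confluent.sg.server/authentication"
AUTHN_METHOD = "schema-registry.Authentication"

def dig(obj, *keys):  # walk nested dicts; None when any key is missing
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def summarize(record):
    """Flatten one record; None unless it is a Schema Registry authentication event."""
    if record.get("type") != AUTHN_TYPE or dig(record, "data", "methodName") != AUTHN_METHOD:
        return None
    info = dig(record, "data", "authenticationInfo") or {}
    return {
        "time": record.get("time"),
        "resource": dig(record, "data", "resourceName"),
        "principal": dig(info, "principal", "confluentUser", "resourceId"),
        "credential_id": dig(info, "credentials", "idSecretCredentials", "credentialId"),
        "mechanism": dig(info, "credentials", "mechanism"),
        "result": info.get("result"),
    }

def non_success_by_credential(lines):
    """Count authentication events whose result is not SUCCESS, per (credential, resource)."""
    counts = Counter()
    for line in lines:
        row = summarize(json.loads(line))
        if row and row["result"] != "SUCCESS":
            counts[(row["credential_id"], row["resource"])] += 1
    return counts

# Constructed sample records (not real audit data), cut down to the fields read above.
CRN = "crn://confluent.cloud/organization=ORG_ID/environment=ENV_ID/schema-registry=LSRC_ID"

def sample(result, credential_id, principal=None):
    info = {"result": result, "credentials": {"mechanism": "HTTP_BASIC",
            "idSecretCredentials": {"credentialId": credential_id}}}
    if principal:  # assumption: a record may arrive without a principal
        info["principal"] = {"confluentUser": {"resourceId": principal}}
    return json.dumps({"type": AUTHN_TYPE, "time": "2023-01-04T07:58:03.708Z", "data": {
        "methodName": AUTHN_METHOD, "resourceName": CRN, "authenticationInfo": info}})

SAMPLE_LINES = [sample("SUCCESS", "KEY_A", "u-example1"),
                sample("NOT_SUCCESS_PLACEHOLDER", "KEY_B"),  # result value is a placeholder
                sample("NOT_SUCCESS_PLACEHOLDER", "KEY_B"),
                json.dumps({"type": "io.confluent.sg.server/authorization",
                            "data": {"methodName": "DeleteSubject"}})]
```

Calling non_success_by_credential(SAMPLE_LINES) returns a count of 2 for the constructed credential KEY_B; the authorization record is skipped because its type does not match.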
Authorization auditable event methods for Schema Registry
Included here are the authorization actions, or operations, on Schema Registry that generate auditable event messages for the io.confluent.sg.server/authorization event type.
Auditable event methods
Each of the following auditable event methods is triggered by a request to the Schema Registry API. Each method listed includes the action triggering an auditable event message and the associated Schema Registry API request.
- DeleteSubject
Deletes the specified subject and its associated compatibility level if registered.
DELETE /subjects/(string: subject)
- RegisterSchema
Register a new schema under the specified subject. (Essentially, create a new schema.)
POST /subjects/(string: subject)/versions
- LookUpSchemaUnderSubject
Check if a schema has already been registered under the specified subject.
POST /subjects/(string: subject)
- DeleteSchemaVersion
Deletes a specific version of the schema registered under this subject.
DELETE /subjects/(string: subject)/versions/(versionId: version)
Authorization auditable event methods for Stream Catalog
Included here are the authorization actions, or operations, on Confluent Cloud Stream Catalog that generate auditable event messages for the io.confluent.sg.server/authorization event type.
Auditable event methods
Each of the following auditable event methods is triggered by a request to the Stream Catalog API. Each method listed includes the action triggering an auditable event message and the associated Stream Catalog API request.
- PartialEntityUpdate
Partially update an entity.
PUT catalog/v1/entity
- CreateTags
Triggered by a request to create tags.
POST catalog/v1/entity/tags
- UpdateTags
Triggered by a request to update tags.
PUT catalog/v1/entity/tags
- DeleteTag
Delete a tag on an entity.
DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}/tags/{tagName}
- CreateBusinessMetadata
Create business metadata.
POST catalog/v1/entity/businessmetadata
- UpdateBusinessMetadata
Update business metadata.
PUT catalog/v1/entity/businessmetadata
- DeleteBusinessMetadata
Delete a business metadata on an entity.
DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}/businessmetadata/{bmName}
- CreateOrUpdateEntity
Create or update entity.
POST catalog/v1/entity
- DeleteEntityByTypeAndName
Delete the entity uniquely identified by its type and name.
DELETE catalog/v1/entity/type/{typeName}/name/{qualifiedName}
- SearchCatalogUsingBasicQuery
Retrieve data for the specified full text query.
GET catalog/v1/search/basic
- SearchCatalogUsingAttributes
Retrieve data for the specified attribute search query.
GET catalog/v1/search/attribute
- CreateTagDefs
Create tag definitions.
POST catalog/v1/types/tagdefs
- UpdateTagDefs
Update tag definitions.
PUT catalog/v1/types/tagdefs
- DeleteTagDef
Delete the tag definition identified by its name.
DELETE catalog/v1/types/tagdefs/{tagName}
- CreateBusinessMetadataDefs
Create business metadata definitions.
POST catalog/v1/types/businessmetadatadefs
- UpdateBusinessMetadataDefs
Update business metadata definitions.
PUT catalog/v1/types/businessmetadatadefs
- DeleteBusinessMetadataDef
Delete business metadata definition identified by its name.
DELETE catalog/v1/types/businessmetadatadefs/{bmName}